Authentication

Overview

Frontier Chain uses signature-based authentication, eliminating traditional usernames and passwords. Your Ethereum wallet IS your account - sign messages to prove ownership, no registration required.

Key Features:

No Passwords: Wallet signatures replace passwords
Self-Custody: You control your identity via private keys
No Registration: Connect wallet and start trading
Session Management: Optional session wallets for convenience
Multi-Wallet: Use different wallets for different strategies

How It Works

Basic Authentication Flow

1. Connect Wallet:

User clicks "Connect Wallet"
→ MetaMask (or other wallet) prompts for connection
→ User approves wallet connection
→ App receives wallet address

2. Prove Ownership (optional, for session creation):

App: "Sign this message to prove you own this wallet"
User: Signs authentication message
→ Signature proves private key ownership
→ Session established (if using agent wallet)

3. Trade:

Direct Mode:
Every action → MetaMask popup → Sign → Execute

Agent Mode:
Register agent once → All actions use agent → No popups

Authentication Methods

Direct Wallet Authentication

Process:

Connect wallet to app
Every order signed by main wallet
MetaMask popup for each signature
Maximum security, some friction

Use Cases:

Cautious traders
Large transactions
Infrequent trading
Maximum control

Pros:

No delegation needed
Explicit approval of every action
Private key never exported

Cons:

MetaMask popup for every order
Not suitable for high-frequency trading
User must be present for each action

Agent Wallet Authentication

Process:

Connect main wallet
Create/authorize agent wallet (one-time signature)
Agent signs subsequent orders
No more MetaMask popups

Use Cases:

High-frequency trading
Automated bots
Seamless UX
Active traders

Pros:

One-click trading
No repeated popups
API/bot integration
Faster execution

Cons:

Must trust agent key security
Limited additional risk (funds still in main wallet)
Must manage agent lifecycle

Session Management

Browser Sessions (Session Wallets)

Lifecycle:

1. Open app
2. Connect MetaMask
3. Generate session key (in browser)
4. Sign authorization (one MetaMask popup)
5. Trade all session with session key
6. Close browser → Session ends
7. Next session → Repeat from step 1

Security:

Private key in SessionStorage (auto-clears)
Never hits server
Can't persist across sessions
Expires with browser tab

Persistent Sessions (API Wallets)

Lifecycle:

1. Create named agent in UI
2. Receive private key (shown once)
3. Store key securely
4. Use key until revoked
5. Manually revoke when done

Security:

You control private key storage
Responsibility to secure key
Revocable anytime
Independent of browser

Wallet Connection

MetaMask

Connection Flow:

// Request wallet connection
const accounts = await ethereum.request({
  method: 'eth_requestAccounts'
});

const userAddress = accounts[0];

Permissions:

Read wallet address
Request signatures
No automatic transactions
User approves each signature

WalletConnect

Connection Flow:

1. App displays QR code
2. Scan with mobile wallet
3. Approve connection on mobile
4. Desktop app connected to mobile wallet

Benefits:

Use mobile wallet on desktop
Hardware wallet support (via mobile)
Cross-device trading
Enhanced security

Hardware Wallets (Ledger/Trezor)

Connection:

Via MetaMask or direct integration
Physical device confirmation required
Private keys never leave device
Maximum security

Trade-Off:

Physical confirmation for every signature
Not suitable for high-frequency trading
Recommended for large accounts
Best used with agent wallets

Security Considerations

Main Wallet Security

Protect Your Private Key:

Never share with anyone
Never enter on suspicious sites
Use hardware wallet for large amounts
Keep seed phrase offline and secure

Verify Before Signing:

Check the site URL
Read signature prompts carefully
Verify amounts and addresses
Confirm correct network (mainnet vs testnet)

Agent Wallet Security

Session Wallets:

Automatically cleared when browser closes
Only in memory during session
Can't be stolen if you close browser
Re-authorization needed each session

API Wallets:

Private key storage is YOUR responsibility
Use environment variables, not hardcoded
Secrets managers for production
Rotate keys periodically
Delete when no longer needed

Authentication vs Authorization

Authentication

"Who are you?"

Frontier Chain:

Wallet address is identity
Signature proves ownership
No usernames/passwords
Cryptographic proof

Authorization

"What can you do?"

Direct Wallet:

Full control over account
Can trade, withdraw, modify settings
All permissions

Agent Wallet:

Limited to trading operations
Cannot withdraw funds
Cannot change core settings
Scoped permissions

Multi-Wallet Management

Multiple Accounts

Use Cases:

Different strategies in separate wallets
Personal vs business trading
Risk isolation
Testing vs production

Management:

Switch wallets in MetaMask
Each wallet is independent account
Separate balances and positions
No cross-wallet operations

Subaccounts

Structure:

Main Wallet (Master Account)
├── Subaccount 1 (Conservative strategy)
├── Subaccount 2 (Aggressive strategy)
└── Subaccount 3 (Market making)

Benefits:

Unified main wallet
Isolated risk per subaccount
Separate P&L tracking
Team member delegation

Common Workflows

First-Time User

1. Install MetaMask
2. Create new wallet
3. Save seed phrase securely
4. Visit Frontier Chain app
5. Click "Connect Wallet"
6. Approve connection in MetaMask
7. Fund account
8. Start trading

Daily Trader (Session Wallet)

Morning:
1. Open trading app
2. Connect MetaMask
3. Sign agent authorization
4. Trade all day (no more popups)

Evening:
5. Close browser
6. Session wallet cleared

Next Day:
7. Repeat from step 1

Bot Trader (API Wallet)

Setup (One-Time):
1. Create named agent in UI
2. Copy private key
3. Add to bot config
4. Start bot

Daily:
1. Bot loads key from config
2. Bot signs orders
3. Bot trades automatically

Shutdown:
1. Stop bot
2. Revoke agent (optional)
3. Delete private key

Troubleshooting

"Connection Failed"

Causes:

MetaMask not installed
Wallet locked
Wrong network selected
Browser extension disabled

Solutions:

Install MetaMask
Unlock wallet
Switch to correct network (usually Ethereum mainnet or testnet)
Enable browser extension
Refresh page

"Signature Rejected"

Causes:

User clicked "Reject"
Timeout waiting for signature
Wallet locked during signing

Solutions:

Try again
Check wallet is unlocked
Verify correct account selected
Confirm network matches

"Invalid Session"

Causes:

Browser refreshed (SessionStorage cleared)
Session wallet expired
Agent was revoked

Solutions:

Reconnect wallet
Sign new authorization
Create new session

"Wrong Network"

Causes:

Wallet on different chain
App expects different network

Solutions:

Open MetaMask
Click network dropdown
Select correct network (e.g., "Ethereum Mainnet" or custom RPC)
Refresh app

Best Practices

For Security

Do:

Use hardware wallet for large accounts
Verify all signature prompts
Keep wallet software updated
Use unique seed phrase
Enable 2FA on exchanges (if depositing from exchanges)

Don't:

Share seed phrase ever
Use same seed on multiple devices unnecessarily
Sign on public computers
Trust suspicious sites
Ignore security warnings

For Convenience

Do:

Use session wallets for active trading
Create API wallets for bots
Label different wallets clearly
Keep multiple accounts for different purposes

Don't:

Use same wallet for everything
Mix test and production
Leave sessions open on shared computers

Technical Details

Signature Challenge

Purpose:

Prove wallet ownership
Establish session
Prevent replay attacks

Message Format:

Welcome to Frontier Chain!

Sign this message to prove you own this wallet.

Nonce: 1678901234567
Expires: 2024-03-15T10:30:00Z

Verification:

1. User signs message
2. Server recovers signer address from signature
3. Server verifies recovered address matches connected wallet
4. Server creates session token

Session Tokens

JWT (JSON Web Tokens):

{
  "address": "0x1234...",
  "nonce": 1678901234567,
  "expires": 1678987634567
}

Storage:

Server-side: Secure database
Client-side: SessionStorage or memory
Not in cookies (prevent CSRF)
Short-lived (expire after session)

Conclusion

Frontier Chain's authentication model provides strong security through cryptographic signatures while enabling user-friendly trading through agent wallets. No passwords to remember, no accounts to create - your wallet is your identity.

Key Takeaways:

Wallet address is your account
Signatures prove ownership
No passwords or registration
Agent wallets for convenience
Self-custody maintained

Next Steps:

EIP-712 Signing Agent Wallets Nonce Management

PreviousEIP-712 Signing NextNonce Management

Last updated 1 month ago

Good morning

Overview

How It Works

Basic Authentication Flow

Authentication Methods

Direct Wallet Authentication

Agent Wallet Authentication

Session Management

Browser Sessions (Session Wallets)

Persistent Sessions (API Wallets)

Wallet Connection

MetaMask

WalletConnect

Hardware Wallets (Ledger/Trezor)

Security Considerations

Main Wallet Security

Agent Wallet Security

Authentication vs Authorization

Authentication

Authorization

Multi-Wallet Management

Multiple Accounts

Subaccounts

Common Workflows

First-Time User

Daily Trader (Session Wallet)

Bot Trader (API Wallet)

Troubleshooting

"Connection Failed"

"Signature Rejected"

"Invalid Session"

"Wrong Network"

Best Practices

For Security

For Convenience

Technical Details

Signature Challenge

Session Tokens

Conclusion